From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
Hannes Frederic Sowa <hannes@stressinduktion.org>,
Dave Jones <davej@redhat.com>,
Neil Horman <nhorman@tuxdriver.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 3.4 10/23] sctp: fix possible seqlock seadlock in sctp_packet_transmit()
Date: Fri, 8 Aug 2014 14:34:55 -0700 [thread overview]
Message-ID: <20140808213316.201474876@linuxfoundation.org> (raw)
In-Reply-To: <20140808213315.769217722@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 757efd32d5ce31f67193cc0e6a56e4dffcc42fb1 ]
Dave reported following splat, caused by improper use of
IP_INC_STATS_BH() in process context.
BUG: using __this_cpu_add() in preemptible [00000000] code: trinity-c117/14551
caller is __this_cpu_preempt_check+0x13/0x20
CPU: 3 PID: 14551 Comm: trinity-c117 Not tainted 3.16.0+ #33
ffffffff9ec898f0 0000000047ea7e23 ffff88022d32f7f0 ffffffff9e7ee207
0000000000000003 ffff88022d32f818 ffffffff9e397eaa ffff88023ee70b40
ffff88022d32f970 ffff8801c026d580 ffff88022d32f828 ffffffff9e397ee3
Call Trace:
[<ffffffff9e7ee207>] dump_stack+0x4e/0x7a
[<ffffffff9e397eaa>] check_preemption_disabled+0xfa/0x100
[<ffffffff9e397ee3>] __this_cpu_preempt_check+0x13/0x20
[<ffffffffc0839872>] sctp_packet_transmit+0x692/0x710 [sctp]
[<ffffffffc082a7f2>] sctp_outq_flush+0x2a2/0xc30 [sctp]
[<ffffffff9e0d985c>] ? mark_held_locks+0x7c/0xb0
[<ffffffff9e7f8c6d>] ? _raw_spin_unlock_irqrestore+0x5d/0x80
[<ffffffffc082b99a>] sctp_outq_uncork+0x1a/0x20 [sctp]
[<ffffffffc081e112>] sctp_cmd_interpreter.isra.23+0x1142/0x13f0 [sctp]
[<ffffffffc081c86b>] sctp_do_sm+0xdb/0x330 [sctp]
[<ffffffff9e0b8f1b>] ? preempt_count_sub+0xab/0x100
[<ffffffffc083b350>] ? sctp_cname+0x70/0x70 [sctp]
[<ffffffffc08389ca>] sctp_primitive_ASSOCIATE+0x3a/0x50 [sctp]
[<ffffffffc083358f>] sctp_sendmsg+0x88f/0xe30 [sctp]
[<ffffffff9e0d673a>] ? lock_release_holdtime.part.28+0x9a/0x160
[<ffffffff9e0d62ce>] ? put_lock_stats.isra.27+0xe/0x30
[<ffffffff9e73b624>] inet_sendmsg+0x104/0x220
[<ffffffff9e73b525>] ? inet_sendmsg+0x5/0x220
[<ffffffff9e68ac4e>] sock_sendmsg+0x9e/0xe0
[<ffffffff9e1c0c09>] ? might_fault+0xb9/0xc0
[<ffffffff9e1c0bae>] ? might_fault+0x5e/0xc0
[<ffffffff9e68b234>] SYSC_sendto+0x124/0x1c0
[<ffffffff9e0136b0>] ? syscall_trace_enter+0x250/0x330
[<ffffffff9e68c3ce>] SyS_sendto+0xe/0x10
[<ffffffff9e7f9be4>] tracesys+0xdd/0xe2
This is a followup of commits f1d8cba61c3c4b ("inet: fix possible
seqlock deadlocks") and 7f88c6b23afbd315 ("ipv6: fix possible seqlock
deadlock in ip6_finish_output2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Reported-by: Dave Jones <davej@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sctp/output.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/sctp/output.c
+++ b/net/sctp/output.c
@@ -587,7 +587,7 @@ out:
return err;
no_route:
kfree_skb(nskb);
- IP_INC_STATS_BH(&init_net, IPSTATS_MIB_OUTNOROUTES);
+ IP_INC_STATS(&init_net, IPSTATS_MIB_OUTNOROUTES);
/* FIXME: Returning the 'err' will effect all the associations
* associated with a socket, although only one of the paths of the
next prev parent reply other threads:[~2014-08-08 22:16 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-08 21:34 [PATCH 3.4 00/23] 3.4.103-stable review Greg Kroah-Hartman
2014-08-08 21:34 ` [PATCH 3.4 01/23] inetpeer: get rid of ip_id_count Greg Kroah-Hartman
2014-08-08 21:34 ` [PATCH 3.4 02/23] ip: make IP identifiers less predictable Greg Kroah-Hartman
2014-08-08 21:34 ` [PATCH 3.4 03/23] net: sendmsg: fix NULL pointer dereference Greg Kroah-Hartman
2014-08-08 21:34 ` [PATCH 3.4 04/23] tcp: Fix integer-overflows in TCP veno Greg Kroah-Hartman
2014-08-08 21:34 ` [PATCH 3.4 05/23] tcp: Fix integer-overflow in TCP vegas Greg Kroah-Hartman
2014-08-08 21:34 ` [PATCH 3.4 06/23] net: sctp: inherit auth_capable on INIT collisions Greg Kroah-Hartman
2014-08-08 21:34 ` [PATCH 3.4 07/23] macvlan: Initialize vlan_features to turn on offload support Greg Kroah-Hartman
2014-08-08 21:34 ` [PATCH 3.4 08/23] net: Correctly set segment mac_len in skb_segment() Greg Kroah-Hartman
2014-08-08 21:34 ` [PATCH 3.4 09/23] iovec: make sure the caller actually wants anything in memcpy_fromiovecend Greg Kroah-Hartman
2014-08-08 21:34 ` Greg Kroah-Hartman [this message]
2014-08-08 21:34 ` [PATCH 3.4 11/23] sparc64: Fix argument sign extension for compat_sys_futex() Greg Kroah-Hartman
2014-08-08 21:34 ` [PATCH 3.4 12/23] sparc64: Make itc_sync_lock raw Greg Kroah-Hartman
2014-08-08 21:34 ` [PATCH 3.4 13/23] sparc64: Handle 32-bit tasks properly in compute_effective_address() Greg Kroah-Hartman
2014-08-08 21:34 ` [PATCH 3.4 14/23] sparc64: Fix top-level fault handling bugs Greg Kroah-Hartman
2014-08-08 21:35 ` [PATCH 3.4 15/23] sparc64: Dont bark so loudly about 32-bit tasks generating 64-bit fault addresses Greg Kroah-Hartman
2014-08-08 21:35 ` [PATCH 3.4 16/23] sparc64: Fix huge TSB mapping on pre-UltraSPARC-III cpus Greg Kroah-Hartman
2014-08-08 21:35 ` [PATCH 3.4 17/23] sparc64: Add membar to Niagara2 memcpy code Greg Kroah-Hartman
2014-08-08 21:35 ` [PATCH 3.4 18/23] sparc64: Do not insert non-valid PTEs into the TSB hash table Greg Kroah-Hartman
2014-08-08 21:35 ` [PATCH 3.4 19/23] sparc64: Guard against flushing openfirmware mappings Greg Kroah-Hartman
2014-08-08 21:35 ` [PATCH 3.4 20/23] bbc-i2c: Fix BBC I2C envctrl on SunBlade 2000 Greg Kroah-Hartman
2014-08-08 21:35 ` [PATCH 3.4 21/23] sunsab: Fix detection of BREAK on sunsab serial console Greg Kroah-Hartman
2014-08-08 21:35 ` [PATCH 3.4 22/23] sparc64: ldc_connect() should not return EINVAL when handshake is in progress Greg Kroah-Hartman
2014-08-08 21:35 ` [PATCH 3.4 23/23] arch/sparc/math-emu/math_32.c: drop stray break operator Greg Kroah-Hartman
2014-08-09 1:01 ` [PATCH 3.4 00/23] 3.4.103-stable review Guenter Roeck
2014-08-09 14:40 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140808213316.201474876@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davej@redhat.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=hannes@stressinduktion.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.